#
#     _  _   ____                         _  
#   _| || |_/ ___|  ___ _ __  _ __   ___ | | 
#  |_  ..  _\___ \ / _ \ '_ \| '_ \ / _ \| | 
#  |_      _|___) |  __/ |_) | |_) | (_) |_| 
#    |_||_| |____/ \___| .__/| .__/ \___/(_) 
#                      |_|   |_|             
#
#  Personal Social Web.
#
#  Copyright (C) The #Seppo contributors. All rights reserved.
# 
#  This program is free software: you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation, either version 3 of the License, or
#  (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
 
# Requires:
#   mod_cgi.c
#   mod_rewrite.c

# mandatory, and must already be in effect before the CGI runs for the first
# time (hopefully a webserver default; otherwise uncomment the two lines below
# and place this .htaccess manually):
# AddHandler cgi-script .cgi
# Options FollowSymLinks ExecCGI

# mandatory
# Files tried, in this order, when a directory URL is requested.
DirectoryIndex index.html index.xml index.json

# recommended
# Explicit media types per file extension. They matter for security because
# "X-Content-Type-Options nosniff" (set further down) tells browsers not to
# guess a type, so a script or stylesheet served with the wrong type is refused.
#
# AddDefaultCharset adds "charset=UTF-8" to text/plain and text/html responses
# that do not declare a charset themselves.
AddDefaultCharset UTF-8
AddType "application/javascript"   js jsonp
AddType "application/jrd+json"     jrd
AddType "application/json"         json
# .jsa is served as JSON-LD with the ActivityStreams profile parameter.
AddType "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"" jsa
AddType "image/jpeg"               jpg
AddType "image/svg+xml"            svg
AddType "text/css"                 css
AddType "text/html"                html
AddType "text/xml"                 xml
AddType "text/xsl"                 xsl
# Compress the listed extensions on output (needs mod_deflate).
# NOTE(review): js and jrd have a type above but are not in this list, so they
# are sent uncompressed - confirm that is intended.
AddOutputFilter DEFLATE html xml xsl css jsa json jsonp svg

# recommended
# https://observatory.mozilla.org/
#
# The Header directive needs mod_headers, which the "Requires" list at the top
# does not mention. If the module is not loaded, Apache rejects this .htaccess
# and answers every request with a 500.
#
# NOTE(review): "Header set" without the "always" condition is not applied to
# error and redirect responses that Apache generates itself, so those go out
# without the headers below - decide whether they should be covered too.
#
# Previous policy, kept for reference (no base-uri / form-action /
# frame-ancestors):
# Header set Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-hGqewLn4csF93PEX/0TCk2jdnAytXBZFxFBzKt7wcgo='; connect-src 'self'; font-src 'self'; img-src 'self' data: https://*; media-src 'self';"
#
# Active policy:
#   default-src 'none'    deny every fetch type that is not listed explicitly
#   base-uri, form-action, frame-ancestors
#                         set explicitly because they do not fall back to
#                         default-src
#   script-src            same-origin files plus one inline script pinned by
#                         its sha256 hash; the hash has to be recomputed
#                         whenever that inline script changes, otherwise the
#                         browser blocks it
#   style-src             'unsafe-inline' permits inline styles
#   img-src               data: URIs, same origin and any https origin, so
#                         viewing a page can trigger image requests to third
#                         parties
Header set Content-Security-Policy "base-uri 'none'; form-action 'self'; frame-ancestors 'none'; default-src 'none'; style-src 'self' 'unsafe-inline'; script-src 'self' 'sha256-hGqewLn4csF93PEX/0TCk2jdnAytXBZFxFBzKt7wcgo='; connect-src 'self'; font-src 'self'; img-src data: 'self' https://*; media-src 'self';"
# Never send a Referer header on requests that originate from these pages.
Header set Referrer-Policy         no-referrer
# https://lobste.rs/s/98rp8f/cors_is_stupid
# Any origin may read responses from this site. Browsers honour the "*"
# wildcard only for requests made without credentials.
# NOTE(review): this also covers the seppo.cgi responses - confirm none of them
# relies on something other than credentials (e.g. network location) to stay
# private.
Header set Access-Control-Allow-Origin  *
Header set Access-Control-Allow-Methods *
# Forbid MIME sniffing; depends on the AddType mappings above being correct.
Header set X-Content-Type-Options  nosniff
# Same intent as frame-ancestors 'none' in the CSP, for browsers that only
# understand the older header.
Header set X-Frame-Options         DENY
# nice
# Discloses the software name to every client; no version is included.
Header set X-Powered-By            "Seppo.mro.name"
# https://lobste.rs/s/1phzpg/block_ai_training_on_web_site
# Advisory opt-out signals; only crawlers that choose to honour them comply.
# NOTE(review): GPC is usually sent by clients as the Sec-GPC request header;
# whether any crawler reads it from X-Robots-Tag is unverified.
Header set X-Robots-Tag            "noai, noimageai, GPC"

# cache assets only (see themes/current/.htaccess)
# <If>/<Else> expressions need Apache 2.4 or later.
# Only the actor icon served by seppo.cgi may be stored by browsers and shared
# caches, for one day (86400 s). Every other response gets "no-cache", i.e. it
# must be revalidated with the server before reuse.
# NOTE(review): the pattern is anchored at the site root (^/seppo\.cgi/...), so
# it presumably stops matching when Seppo is installed in a subdirectory -
# confirm.
<If "%{REQUEST_URI} =~ m#^/seppo\.cgi/actor/icon$#">
  Header set Cache-Control "max-age=86400, public"
</If>
<Else>
  Header set Cache-Control "no-cache"
</Else>

# NOTE(review): Connection is a hop-by-hop header that Apache normally manages
# itself (KeepAlive directive), and HTTP/2 does not allow connection-specific
# headers. Confirm this line is still needed before keeping it.
Header set Connection Keep-Alive
